Tenable recently announced the formation of the Exposure Management Leadership Council, a new working group dedicated to developing and advancing principles, best practices, policies, and frameworks for exposure management.
The Council is made up of Chief Information Security Officers (CISOs) and cybersecurity leaders from leading global organisations across a range of industries, including insurance, technology, transportation, legal, and consumer packaged foods. Its mission is to mature exposure management into a widespread proactive security discipline that demonstrably reduces organisations’ cyber exposure.
The Council has released a new report, ‘Board meetings and the dreaded cyber risk update: a use case for exposure management’, which captures highlights, anecdotes, and insights from its inaugural meeting. The report analyses the communication gap between security leaders and their boards of directors and proposes a new path forward.
The report describes a persistent disconnect in the boardroom that impairs organisations’ ability to manage and mitigate cyber risk at a time of heightened exposure and regulatory scrutiny. The disconnect stems from the security operations metrics that CISOs have historically shared at quarterly board meetings: metrics that fail to accurately capture and communicate an organisation’s true cyber exposure, in large part because they are sourced from disparate, siloed security tools.
“Exposure management is a strategic driver of organisational success,” explained Bob Huber, Chief Security Officer, Tenable and Chair of the Exposure Management Leadership Council. “Our goal is to shift the conversation from endless technical metrics to a strategic discussion focused on risk reduction. A standardised exposure management framework would help CISOs pinpoint their organisation’s most pressing exposures and articulate their potential business impact.”
“Exposure management can help CISOs bridge the boardroom communication gap,” added Joanna Burkey, a corporate director, former CISO at HP and Siemens Americas and member of the Exposure Management Leadership Council. “While the fundamental objectives of exposure management are proactive breach prevention and risk mitigation, an added benefit is its potential to transform the quarterly cyber update into a strategic discussion that drives action and outcomes.”